[Owasp-leaders] Penetration Testing Guidance
jim.manico at owasp.org
Fri Mar 27 20:16:10 UTC 2015
Thanks for pointing this out.
A few notes:
1) A slight de-emphasis in the OWASP Top Ten, a sign of maturity I think.
" ...It was during this step that testing of the applications for issues
related to the OWASP Top 10 *and other web application frameworks* took
place. Penetration Testing Guidance "
"... Discussion of the penetration tester’s familiarity with testing to
validate the OWASP Top 10 *and other similar application secure-coding
standards* and examples of application penetration testing efforts
conducted by the organization may be warranted. Penetration Testing
2) More emphasis on the OWASP Testing Guide (a much more comprehensive
guide to assessment than any other OWASP resource).
"... An examination of this type could be conducted in accordance with
information system security assessment best practices such as described
by the Open Source Security Testing Methodology Manual (“OSSTMM”), The
National Institute of Standards and Technology (“NIST”) Special
Publication 800-115, Technical Guide to Information Security Testing and
Assessment, or the *Open Web Application Security Project (OWASP)
testing methodology as defined in the **OWASP Testing Guide v.3.0**.* "
Pretty cool. A good step. I look forward to the day when PCI and other
standards start referencing ASVS - it's probably one of the more
important standards that addresses what PCI is really looking for, I
On 3/27/15 1:43 PM, Tom Brennan wrote:
> Congratulations to the many persons that have contributed in one way
> or another to OWASP projects that have been referenced in the revised
> standard that was issued from the PCI Standards Council
> The full scope document will IMHO help organizations better understand
> and scope projects and that is a win-win for everyone involved with
> being proactive about risk.
> It will also bring additional positive visibility to the OWASP
> Foundation worldwide including the OWASP PCI Toolkit
> https://www.owasp.org/index.php/Category:OWASP_PCI_Project and many
> #TGIF well done!
> Semper Fi,
> Tom Brennan